GridTracker can abuse LoTW


Dave AA6YQ
 

+ AA6YQ comments below:
Email sent with 2 png's, Dave.

+ Thanks, Tim!

+ The setting in question appears in a table on the Logging tab of GridTracker's Settings window: it's a round button in the Startup column of a row whose first column contains "LoTW"; my strong advice is to disable it.

+ Note that enabling the round button in the Menu column of this row creates a square button labeled LoTW on Grid Tracker's Main window; if clicked, GridTracker will direct LoTW to report all QSOs in your LoTW account.

As far as I know, these are still unchecked at install. I haven't done a new install since this change took place. I know when I installed my last system, it wasn't checked. I believe this is due to you having to have settings in the user/password or it would attempt to connect without credentials. However, I can't say I'm 100% sure.

+ I installed GridTracker on a Microsoft Surface running WIndows 10, and confirm that the setting default to disabled. However, there are not "explanatory popups" associated with it or its associated settings. Given with the absence of documentation, users have no way of knowing what enabling the setting will do.

      73,

            Dave, AA6YQ


Tim Elwell
 

Email sent with 2 png's, Dave.


On 6/12/21 9:47 PM, Dave AA6YQ wrote
+ No problem, Tim. Please attach the GridTracker screenshot to an email message, and send the message to me via

aa6yq (at) ambersoft.com

As far as I know, these are still unchecked at install. I haven't done a new install since this change took place. I know when I installed my last system, it wasn't checked. I believe this is due to you having to have settings in the user/password or it would attempt to connect without credentials. However, I can't say I'm 100% sure.


+ After initial GridTracker installation, is the checkbox checked or unchecked?

73,

Tim
KG1GEM


Dave AA6YQ
 

Ok, obviously not. Sorry, I gave it a shot. Anyway, there is a checkbox under the "Startup" column in the settings that can be deselected. It should fix the issue until they resolve it otherwise.

Sorry for the extra bandwidth of emails.

+ No problem, Tim. Please attach the GridTracker screenshot to an email message, and send the message to me via

aa6yq (at) ambersoft.com

+ After initial GridTracker installation, is the checkbox checked or unchecked?

73,

Dave, AA6YQ


Tim Elwell
 

Ok, obviously not. Sorry, I gave it a shot. Anyway, there is a checkbox under the "Startup" column in the settings that can be deselected. It should fix the issue until they resolve it otherwise.

Sorry for the extra bandwidth of emails.

73,

Tim

On 6/12/21 9:40 PM, Tim Elwell wrote:
Hi Dave and all,

Can't remember if I can attach png or not but will give it a shot. This is a snip of part of the settings page. The red pen marked box is the one that will load LoTW at startup if selected. I've never used that, so never seen the problem others have. Unchecking that should resolve the problem until the GridTracker guys fix the current issue.


Tim Elwell
 

Hi Dave and all,

Can't remember if I can attach png or not but will give it a shot. This is a snip of part of the settings page. The red pen marked box is the one that will load LoTW at startup if selected. I've never used that, so never seen the problem others have. Unchecking that should resolve the problem until the GridTracker guys fix the current issue.

73,
Tim

---
KG1GEM
Flower Mound, TX
Denton County ARES/SkyWarn Spotter

On 2021-06-12 21:16, Dave AA6YQ wrote:

loadLOTWCheckBox
I do not know how this setting appears in the application because
there is no documentation, and because running GridTracker on my
Windows 8 test system fails. If this setting is enabled at startup,
GridTracker will direct LoTW to report *all* submitted QSOs!


Dave AA6YQ
 

Increasingly over the past year, DXKeeper users have reported receiving an "invalid response" error when they invoke DXKeeper's
"Sync LoTW QSOs" (report new acceptances) and "Sync LoTW QSLs" (report new confirmations) functions.

Several DXKeeper users recently noted that this behavior began shortly after running the GridTracker application for the first time.
GridTracker is open source, so earlier this evening I took a look at its source code. This application provides a setting referred
to in the source code as

loadLOTWCheckBox

I do not know how this setting appears in the application because there is no documentation, and because running GridTracker on my
Windows 8 test system fails. If this setting is enabled at startup, GridTracker will direct LoTW to report *all* submitted QSOs!

A rather heated realtime discussion with several GridTracker developers confirmed my understanding of its source code. Frankly, I
could not believe that any competent developer would construct something so irresponsible without at least providing documentation
to prevent inadvertent abuse by its users.

I don't recall exactly when, but code was added to LoTW to detect and deter abuse of its "download all QSOs" capability by returning
a "503" error in response to an abusive downloader; DXKeeper sees this as an "invalid response" error. This "detect abusive
downloads" functionality is also undocumented, but my recollection is that once triggered, subsequent Sync requests may be rejected
for a time.

This problem will affect any logging applications that downloads QSOs or QSLs from LoTW.

The GridTracker developers say that they will correct this situation. In mean time, I suggest that GridTracker users disable the
loadLOTWCheckBox setting, whatever's it's called.

73,

Dave, AA6YQ (developer, DXLab)